Software and attack centric integrated threat modeling for quantitative risk assessment

Proceedings of the Symposium and Bootcamp on the Science of Security Pub Date : 2016-04-19 DOI:10.1145/2898375.2898390

Bradley Potteiger, Gonçalo Martins, X. Koutsoukos

{"title":"Software and attack centric integrated threat modeling for quantitative risk assessment","authors":"Bradley Potteiger, Gonçalo Martins, X. Koutsoukos","doi":"10.1145/2898375.2898390","DOIUrl":null,"url":null,"abstract":"One step involved in the security engineering process is threat modeling. Threat modeling involves understanding the complexity of the system and identifying all of the possible threats, regardless of whether or not they can be exploited. Proper identification of threats and appropriate selection of countermeasures reduces the ability of attackers to misuse the system. This paper presents a quantitative, integrated threat modeling approach that merges software and attack centric threat modeling techniques. The threat model is composed of a system model representing the physical and network infrastructure layout, as well as a component model illustrating component specific threats. Component attack trees allow for modeling specific component contained attack vectors, while system attack graphs illustrate multi-component, multi-step attack vectors across the system. The Common Vulnerability Scoring System (CVSS) is leveraged to provide a standardized method of quantifying the low level vulnerabilities in the attack trees. As a case study, a railway communication network is used, and the respective results using a threat modeling software tool are presented.","PeriodicalId":163427,"journal":{"name":"Proceedings of the Symposium and Bootcamp on the Science of Security","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Symposium and Bootcamp on the Science of Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2898375.2898390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 41

Abstract

One step involved in the security engineering process is threat modeling. Threat modeling involves understanding the complexity of the system and identifying all of the possible threats, regardless of whether or not they can be exploited. Proper identification of threats and appropriate selection of countermeasures reduces the ability of attackers to misuse the system. This paper presents a quantitative, integrated threat modeling approach that merges software and attack centric threat modeling techniques. The threat model is composed of a system model representing the physical and network infrastructure layout, as well as a component model illustrating component specific threats. Component attack trees allow for modeling specific component contained attack vectors, while system attack graphs illustrate multi-component, multi-step attack vectors across the system. The Common Vulnerability Scoring System (CVSS) is leveraged to provide a standardized method of quantifying the low level vulnerabilities in the attack trees. As a case study, a railway communication network is used, and the respective results using a threat modeling software tool are presented.

查看原文本刊更多论文

以软件和攻击为中心的定量风险评估集成威胁建模

安全工程过程中涉及的一个步骤是威胁建模。威胁建模包括理解系统的复杂性和识别所有可能的威胁，而不管它们是否可以被利用。正确识别威胁和适当选择对策可以减少攻击者滥用系统的能力。本文提出了一种定量的、集成的威胁建模方法，该方法将软件和以攻击为中心的威胁建模技术相结合。威胁模型由表示物理和网络基础设施布局的系统模型和表示特定于组件的威胁的组件模型组成。组件攻击树允许对包含攻击向量的特定组件进行建模，而系统攻击图则展示了跨系统的多组件、多步骤攻击向量。通用漏洞评分系统(CVSS)被用来提供一种对攻击树中的低级漏洞进行量化的标准化方法。以某铁路通信网为例，利用威胁建模软件工具给出了相应的分析结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Symposium and Bootcamp on the Science of Security

自引率

0.00%

发文量